Hi there
Just a very basic question. I've read many arguments against having a regular user(s) for server systems. Most of the arguments against having a regular user are related to not having regular users for servers. The afterboot(8) manpage says that one should create a regular user. I just wanted to know your opinion about whether to have a regular user for a dedicated firewall system. I don't need to log in remotely. Sorry about posting such a trivial question. It's just that i couldn't find anything about this when i googled it.
btw i'm extremely happy with my new OpenBSD4.8 system. I've just brought my system up to date with the latest stable version. Works like a charm.
Thank you for your time and any replies.

Most of the arguments against having a regular user are related to not having regular users for servers.

I disagree with the argument.

Special-purposed systems aside, systems still need to be administered, & doing so in a responsible strategic manner may save one from making a mistake catastropic which otherwise might have been contained or perhaps prevented by working from a user account.

Working from a user account is considered a best practice. It forces one to better understand interconnections, & how to work within restrictions. Administrating from the root account provides less barriers, & people become sloppy because confinements aren't there. Working as root doesn't push one to learn & understand Unix as much as if a user account is consistently used.

Mistakes happen. The goal of proficient & effective administration is to have practices in place which minimize unwanted results which frequently are downtime & data loss. Running as root provides no protection, so the math appears pretty clear -- especially for special purposed systems such as firewalls which aren't performing their role if they are down or out-of-date.

Become friends with sudo(8). Learn what is needed to keep systems current. Chicks are attracted to those that use sudo(8) to keep their systems current.

I always make extra user accounts on any server or firewall, at the very least I make an 'admin' account. There's no reason to run around will full hardware or file system power (root) when I'm only messing with pf or the samba setup.